CVE-2006-2019
published 2006-04-25CVE-2006-2019: Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD…
PriorityP420medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
4.07%
89.4th percentile
Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | safari | — | — |
| apple | webkit | — | — |
| jsboard | jsboard | <= 2.0.11 | — |
| omnigroup | omniweb | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c398-43hf-w2rg: WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element wit
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2007-0342 [MEDIUM] CWE-476 GHSA-c398-43hf-w2rg: WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element wit
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.
GHSA
GHSA-rxfg-3q5p-g4xv: Directory traversal vulnerability in login
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2007-1842 [MEDIUM] GHSA-rxfg-3q5p-g4xv: Directory traversal vulnerability in login
Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
GHSA
GHSA-wjv5-g9f8-6544: Apple Mac OS X Safari 2
ghsa_unreviewed·2022-05-01
CVE-2006-2019 [MEDIUM] GHSA-wjv5-g9f8-6544: Apple Mac OS X Safari 2
Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.
GHSA
Server Side Request Forgery in Apache Axis
ghsa·2019-05-14
CVE-2019-0227 [HIGH] CWE-918 Server Side Request Forgery in Apache Axis
Server Side Request Forgery in Apache Axis
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.
Red Hat
php: link function accepts filenames with embedded null byte and treats them as terminating at that byte on Windows
vendor_redhat·2019-11-23·CVSS 5.0
CVE-2019-11044 [MEDIUM] CWE-170 php: link function accepts filenames with embedded null byte and treats them as terminating at that byte on Windows
php: link function accepts filenames with embedded null byte and treats them as terminating at that byte on Windows
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
A flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths.
Statement: This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8 as the flaw only affects Windows builds. See CVE-2006-72
Red Hat
axis: Hard coded domain name in example web service named “StockQuoteService.jws” leading to remote code execution.
vendor_redhat·2019-04-09·CVSS 7.5
CVE-2019-0227 [HIGH] CWE-547 axis: Hard coded domain name in example web service named “StockQuoteService.jws” leading to remote code execution.
axis: Hard coded domain name in example web service named “StockQuoteService.jws” leading to remote code execution.
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.
Package: axis (Red Hat Enterprise Linux 5) - Will not fix
Package: axis (Red Hat Enterprise Linux 6) - Will not fix
Suricata
ET EXPLOIT Barracuda Spam Firewall 3.3.x RCE 2006-4000 (Inbound)
suricata·2019-12-16
CVE-2006-4000 ET EXPLOIT Barracuda Spam Firewall 3.3.x RCE 2006-4000 (Inbound)
ET EXPLOIT Barracuda Spam Firewall 3.3.x RCE 2006-4000 (Inbound)
Rule: alert http $EXTERNAL_NET any -> any any (msg:"ET EXPLOIT Barracuda Spam Firewall 3.3.x RCE 2006-4000 (Inbound)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/cgi-bin/preview_email.cgi?file=/mail/mlog/|7c|"; startswith; fast_pattern; content:"http"; distance:0; reference:url,unit42.paloaltonetworks.com/mirai-variant-echobot-resurfaces-with-13-previously-unexploited-vulnerabilities/; reference:cve,2006-4000; classtype:attempted-admin; sid:2029173; rev:3; metadata:affected_product Linux, attack_target IoT, created_at 2019_12_16, cve CVE_2006_4000, deployment Perimeter, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_13;)
Suricata
ET EXPLOIT Barracuda Spam Firewall 3.3.x RCE 2006-4000 (Outbound)
suricata·2019-12-16
CVE-2006-4000 ET EXPLOIT Barracuda Spam Firewall 3.3.x RCE 2006-4000 (Outbound)
ET EXPLOIT Barracuda Spam Firewall 3.3.x RCE 2006-4000 (Outbound)
Rule: alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT Barracuda Spam Firewall 3.3.x RCE 2006-4000 (Outbound)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/cgi-bin/preview_email.cgi?file=/mail/mlog/|7c|"; startswith; fast_pattern; content:"http"; distance:0; reference:url,unit42.paloaltonetworks.com/mirai-variant-echobot-resurfaces-with-13-previously-unexploited-vulnerabilities/; reference:cve,2006-4000; classtype:attempted-admin; sid:2029172; rev:3; metadata:affected_product Linux, attack_target IoT, created_at 2019_12_16, cve CVE_2006_4000, deployment Perimeter, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_13;)
Suricata
GPL VOIP EXPLOIT SIP UDP Softphone overflow attempt
suricata·2010-09-23
CVE-2006-0189 GPL VOIP EXPLOIT SIP UDP Softphone overflow attempt
GPL VOIP EXPLOIT SIP UDP Softphone overflow attempt
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"GPL VOIP EXPLOIT SIP UDP Softphone overflow attempt"; content:"|3B|branch|3D|"; content:"a|3D|"; pcre:"/^a\x3D[^\n]{1000,}/smi"; reference:bugtraq,16213; reference:cve,2006-0189; classtype:misc-attack; sid:2100223; rev:2; metadata:created_at 2010_09_23, cve CVE_2006_0189, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Suricata
GPL SNMP SNMP trap Format String detected
suricata·2010-09-23
CVE-2006-0250 GPL SNMP SNMP trap Format String detected
GPL SNMP SNMP trap Format String detected
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET 162 (msg:"GPL SNMP SNMP trap Format String detected"; content:"%s"; fast_pattern; reference:bugtraq,16267; reference:cve,2006-0250; reference:url,www.osvdb.org/displayvuln.php?osvdb_id=22493; classtype:attempted-recon; sid:2100227; rev:5; metadata:created_at 2010_09_23, cve CVE_2006_0250, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_08;)
Exploit-DB
Netartmedia PHP Mall 4.1 - SQL Injection
exploitdb·2019-03-19
Netartmedia PHP Mall 4.1 - SQL Injection
Netartmedia PHP Mall 4.1 - SQL Injection
---
# Exploit Title: Netartmedia PHP Mall 4.1 - Multiple SQL Injection
# Date: 19.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://www.netartmedia.net/mall/
# Demo Site: https://www.phpscriptdemos.com/mall/
# Version: 4.1
# Tested on: Kali Linux
# CVE: N/A
# Description: PHP Mall is one of the first multi-stores and multi-vendors
php scripts (offered since 2006) and successfully used on many websites
today.
----- PoC 1 : SQLi (time-based blind) -----
# Request: http://localhost/[PATH]/index.php
# Parameter: id (GET)
# Payload: id=1 AND SLEEP(5)&item=&lang=en&mod=details
----- PoC 2 : SQLi (time-based blind) ----
# Request: http://localhost/[PATH]/loginaction.php
# Parameter: Email (POST)
# Payload: Email=0'XOR(if(now()=sysd
Exploit-DB
Apple Mac OSX Safari 2.0.3 (417.9.2) - 'ROWSPAN' Denial of Service (PoC)
exploitdb·2006-04-24
CVE-2006-2019 Apple Mac OSX Safari 2.0.3 (417.9.2) - 'ROWSPAN' Denial of Service (PoC)
Apple Mac OSX Safari 2.0.3 (417.9.2) - 'ROWSPAN' Denial of Service (PoC)
---
# milw0rm.com [2006-04-24]
No writeups or analysis indexed.
http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045472.htmlhttp://secunia.com/advisories/19763http://securitytracker.com/id?1015982http://www.securityfocus.com/archive/1/431874/100/0/threadedhttp://www.securityfocus.com/archive/1/431944/100/0/threadedhttp://www.securityfocus.com/bid/17674http://www.vupen.com/english/advisories/2006/1508https://exchange.xforce.ibmcloud.com/vulnerabilities/25998https://www.exploit-db.com/exploits/1715http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045472.htmlhttp://secunia.com/advisories/19763http://securitytracker.com/id?1015982http://www.securityfocus.com/archive/1/431874/100/0/threadedhttp://www.securityfocus.com/archive/1/431944/100/0/threadedhttp://www.securityfocus.com/bid/17674http://www.vupen.com/english/advisories/2006/1508https://exchange.xforce.ibmcloud.com/vulnerabilities/25998https://www.exploit-db.com/exploits/1715
2006-04-25
Published